Simplify the trust structure: basically zap the bit strings and

represent everything by OIDs.
author: Dr. Stephen Henson <steve@openssl.org> 1999-12-29 00:40:28 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 1999-12-29 00:40:28 +0000
commit: 6447cce37251e6d947279a3fd6874e59ed0d3d2d (patch)
tree: ad2355f136234f3ee11a66556429b66a9ae65a22 /CHANGES
parent: 76997b7dd0011e23fb5ed3a49aa693b1fc33bfb6 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index b612be6577..abef4942d3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,19 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Simplify the trust setting structure and code. Now we just have
+     two sequences of OIDs for trusted and rejected settings. These will
+     typically have values the same as the extended key usage extension
+     and any application specific purposes.
+
+     The trust checking code now has a default behaviour: it will just
+     check for an object with the same NID as the passed id. Functions can
+     be provided to override either the default behaviour or the behaviour
+     for a given id. SSL client, server and email already have functions
+     in place for compatability: they check the NID and also return "trusted"
+     if the certificate is self signed.
+     [Steve Henson]
+
   *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
      traditional format into an EVP_PKEY structure.
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	1999-12-29 00:40:28 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	1999-12-29 00:40:28 +0000
commit	6447cce37251e6d947279a3fd6874e59ed0d3d2d (patch)
tree	ad2355f136234f3ee11a66556429b66a9ae65a22 /CHANGES
parent	76997b7dd0011e23fb5ed3a49aa693b1fc33bfb6 (diff)